IT IS CLAIMED 

1 . A method for generating a control message to be transmitted from a first 
network device to a second network device in a data network, the control message 
relating to an action to be performed at the second network device, the method 

5 comprising: 

determining a first control message to be generated; 

identifying reason information relating to at least one reason for generating the 
first control message; and 

generating the first control message, the first control message including said 
10 reason information. 

2. The method of claim 1 wherein the fu-st control message corresponds to 
an Internet Key Exchange protocol control message. 

15 3. The method of claim 1 wherein the first control message corresponds to 

an EP Security protocol control message. 

4. The method of claim 1 wherein the first control message corresponds to 
an Internet Security Association Key Management Protocol control message. 

20 

5. The method of claim 1 wherein the first control message corresponds to 
a control message used for modifying a security association. 

6. The method of claim 1 ftirther comprising transmitting the first control 
25 message to the second network device to thereby cause the second network device to 

implement an appropriate action in response to the first control message. 

7. A method for communicating between nodes in a data network, the 
method comprising: 
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receiving a first control message from a first node, the control message 
including reason information relating to at least one reason for the generation of the 
first control message; 

identifying the reason information; 
5 determining an appropriate response to the first control message using at least 

said reason information; and 

implementing said appropriate response. 

8. The method of claim 7 wherein the first control message corresponds to 
1 0 an hitemet Key Exchange protocol control message. 

9. The method of claim 7 wherein the first control message corresponds to 
an IP Security protocol control message. 

15 10. The method of claim 7 wherein the first control message corresponds to 

an Internet Security Association Key Management Protocol control message. 

1 1 . The method of claim 7 wherein the first control message corresponds to 
a control message used for modifying a security association. 

20 

12. The method of claim 7 further comprising: 

implementing a first response to the first control message if the reason 
information includes a first reason code; and 

implementing a second response to the control message if the reason 
25 information includes a second reason code. 

13. The method of claim 7 wherein the control message relates to an action 
to be performed at a network device receiving the control message. 

30 14. A computer program product for generating a control message to be 

transmitted from a first network device to a second network device in a data network. 
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the control message relating to an action to be performed at the second network device, 
the computer program product comprising: 

a computer usable medium having computer readable code embodied therein, 
the computer readable code comprising: 
5 computer code for determining a first control message to be generated; 

computer code for identifying reason information relating to at least one reason 
for generating the first control message; and 

computer code for generating the first control message, the first control message 
including said reason information. 

10 

15. The computer program product of claim 14 wherein the first control 
message corresponds to an Internet Key Exchange protocol control message. 

16. The computer program product of claim 14 wherein the first control 
1 5 message corresponds to an IP Security protocol control message. 

17. The computer program product of claim 14 wherein the first control 
message corresponds to an hitemet Security Association Key Management Protocol 
control message. 

20 

18. The computer program product of claim 14 wherein the first control 
message corresponds to a control message used for modifying a security association. 

19. A computer program product for communicating between nodes in a 
25 data network, the computer program product comprising: 

a computer usable medium having computer readable code embodied therein, 
the computer readable code comprising: 

computer code for receiving a first control message firom a first node, the 
control message including reason information relating to at least one reason for the 
30 generation of the first control message; 

computer code for identifying the reason information; 
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computer code for determining an appropriate response to the first control 
message using at least said reason information; and 

computer code for implementing said appropriate response. 

5 20. The computer program product of claim 19 wherein the first control 

message corresponds to an Internet Key Exchange protocol control message. 

21. The computer program product of claim 19 wherein the first control 
message corresponds to an IP Security protocol control message. 

10 

22. The computer program product of claim 19 wherein the first control 
message corresponds to an Internet Security Association Key Management Protocol 
control message. 

15 23. The computer program product of claim 19 wherein the first control 

message corresponds to a control message used for modifying a security association. 

24. The computer program product of claim 1 9 further comprising: 
computer code for implementing a first response to the first control message if 

20 the reason information includes a first reason code; and 

computer code for implementing a second response to the control message if the 
reason information includes a second reason code. 

25. The computer program product of claim 19 wherein the control message 
25 relates to an action to be performed at a network device receiving the control message. 

26. A system for communicating between nodes in a data network, the 
system comprising: 

means for receiving a first control message fi:om a first node, the control 
30 message including reason information relating to at least one reason for the generation 
of the first control message; 

means for identifying the reason information; 
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means for determining an appropriate response to the first control message using 
at least said reason information; and 

means for implementing said appropriate response. 

5 27. The system of claim 26 wherein the first control message corresponds to 

an hitemet Key Exchange protocol control message. 

28. The system of claim 26 wherein the first control message corresponds to 
an IP Security protocol control message. 

10 

29. The system of claim 26 wherein the first control message corresponds to 
an Internet Security Association Key Management Protocol control message. 

30. The system of claim 26 wherein the first control message corresponds to 
1 5 a control message used for modifying a security association. 

31. The system of claim 26 fiirther comprising means for transmitting the 
first control message to the second network device to thereby cause the second network 
device to implement an appropriate action in response to the first control message. 

20 

32. The system of claim 26 further comprising: 

means for implementing a first response to the first confi-ol message if the 
reason information includes a first reason code; and 

means for implementing a second response to the control message if the reason 
25 information includes a second reason code. 

33. The system of claim 26 wherein the control message relates to an action 
to be performed at a network device receiving the control message. 

30 34. A system for generating a control message to be transmitted to a network 

device in a data network, the control message relating to an action to be performed at 
the network device, the system comprising: 
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at least one CPU; 
memory; and 

at least one interface for communicating with the network device; 
the system being configured or designed to determine a first control message to 
5 be generated; 

the system being further configured or designed to identify reason information 
relating to at least one reason for generating the first control message; and 

the system being further configured or designed to generate the first control 
message, wherein the first control message includes said reason information. 

10 

35. The system of claim 34 wherein the first control message corresponds to 
an Intemet Key Exchange protocol control message. 

36. The system of claim 34 wherein the first control message corresponds to 
15 an IP Security protocol control message. 

37. The system of claim 34 wherein the first control message corresponds to 
an Intemet Security Association Key Management Protocol control message. 

20 38. The system of claim 34 wherein the first control message corresponds to 

a control message used for modifying a security association. 

39. The system of claim 34 being further configured or designed to transmit 
the first control message to a second network device to thereby cause the second 

25 network device to implement an appropriate action in response to the first control 
message. 

40. A system for communicatuig between nodes in a data network, the 
system comprising: 

30 at least one CPU; 

memory; and 

at least one interface for communicating with at least one network device; 
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the system being configured or designed to receive a first control message from 
a first node, the control message including reason information relating to at least one 
reason for the generation of the first control message; 

the system being further configured or designed to identify the reason 
5 information; 

the system being further configured or designed to determine an appropriate 
response to the first control message using at least said reason information; and 

the system being further configured or designed to implement said appropriate 
response. 

10 

41 . The system of claim 40 wherein the first control message corresponds to 
an Internet Key Exchange protocol control message. 

42. The system of claim 40 wherein the first control message corresponds to 
15 an IP Security protocol control message. 

43. The system of claim 40 wherein the first control message corresponds to 
an Internet Security Association Key Management Protocol control message. 

20 44. The system of claim 40 wherein the first control message corresponds to 

a control message used for modifying a security association. 

45. The system of claim 40 further comprising: 

the system being further configured or designed to implement a first response to 
25 the first control message if the reason information includes a first reason code; and 

the system being further configured or designed to implement a second response 
to the control message if the reason information includes a second reason code. 
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